<?php	require_once(dirname(__FILE__).'/../include/common.inc.php');require_once(dirname(__FILE__).'/inc/manageui.inc.php');



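// Requested action.
// NOTE(review): $dopost, $username, $password, $question, $answer and $vcode are
// never read from $_POST/$_GET in this file, so they are presumably populated
// from the request by common.inc.php. Confirm that, and confirm that the values
// are escaped there, because they are interpolated into SQL strings below.
$dopost = isset($dopost) ? $dopost : '';



if(!isset($_SESSION)) session_start();

// Handle a login request
if($dopost == 'login')
{

	// Normalise the submitted fields. Non-scalar values (e.g. arrays sent as
	// "username[]=...") are treated as empty instead of reaching md5() or SQL.
	$username = (empty($username) || !is_scalar($username)) ? '' : (string)$username;
	// NOTE(review): the stored credential is an unsalted double MD5, which is
	// cheap to brute-force offline. It is kept here because the hashes in the
	// admin table use this scheme; moving to password_hash()/password_verify()
	// needs a migration outside this file.
	$password = (empty($password) || !is_scalar($password)) ? '' : md5(md5((string)$password));
	$question = (empty($question) || !is_scalar($question)) ? 0  : $question;
	$answer   = (empty($answer)   || !is_scalar($answer))   ? '' : (string)$answer;
	$vcode    = (empty($vcode)    || !is_scalar($vcode))    ? '' : (string)$vcode;



	// Both credentials are required
	if($username == '' or
	   $password == '')
	{
		header('location:login.php');
		exit();
	}

	// The verification code must have been issued into this session AND match.
	// The previous loose check ($_SESSION['vcode'] != $vcode) passed when no code
	// had ever been issued and the field was left empty (null != '' is false),
	// which let a request skip the second factor entirely.
	// NOTE(review): a wrong code exits before the failed-login counter below is
	// touched, so code guessing is not rate-limited here. Confirm that the code
	// issuer limits attempts and binds the code to the account it was sent for.
	$expectedVcode = (isset($_SESSION['vcode']) && is_scalar($_SESSION['vcode'])) ? (string)$_SESSION['vcode'] : '';
	if($expectedVcode === '' || $expectedVcode !== $vcode){
			ShowMsg('验证码不正确','login.php');
			exit();
	}

	// Purge lockout records older than 15 minutes
	$dosql->ExecNoneQuery("DELETE FROM `#@__failedlogin` WHERE (UNIX_TIMESTAMP(NOW())-time)/60>15");


	// Refuse the attempt while the account is temporarily locked
	$r = $dosql->GetOne("SELECT * FROM `#@__failedlogin` WHERE `username`='$username'");
	if(is_array($r))
	{
		$min = round((time()-$r['time']))/60;
		if($r['num']==0 and $min<=15)
		{
			ShowMsg('您的密码已连续错误6次，请15分钟后再进行登录！','login.php');
			exit();
		}
	}


	// Load the administrator record
	$row = $dosql->GetOne("SELECT * FROM `#@__admin` WHERE `username`='$username'");


	// Load the administrator's group. The id is concatenated unquoted into the
	// query, so it is forced to an integer first.
	$row2 = null;
	if(isset($row) && is_array($row))
		$row2 = $dosql->GetOne("SELECT `groupsite`,`checkinfo` FROM `#@__admingroup` WHERE `id`=".intval($row['levelname']));


	// Unknown user or wrong password.
	// The hashes are compared as strings with !==; a loose != treats two
	// different hex digests of the form "0e<digits>" as equal numbers.
	if(!is_array($row) or (string)$row['password'] !== $password)
	{
		$logintime = time();
		// NOTE(review): GetIP() is defined elsewhere. If it can return a
		// client-supplied header value, that value reaches the INSERT below
		// unvalidated. Confirm that it is validated or escaped there.
		$loginip   = GetIP();

		$r = $dosql->GetOne("SELECT * FROM `#@__failedlogin` WHERE `username`='$username'");
		if(is_array($r))
		{
			// Remaining attempts after this failure
			$num = $r['num']-1;

			if($num == 0)
			{
				$dosql->ExecNoneQuery("UPDATE `#@__failedlogin` SET time=$logintime, num=$num WHERE username='$username'");
				ShowMsg('您的密码已连续错误6次，请15分钟后再进行登录！','login.php');
				exit();
			}
			else if($r['num']<=5 and $r['num']>0)
			{
				$dosql->ExecNoneQuery("UPDATE `#@__failedlogin` SET time=$logintime, num=$num WHERE username='$username'");
				ShowMsg('用户名或密码不正确！您还有'.$num.'次尝试的机会！','login.php');
				exit();
			}
		}
		else
		{
			// First failure for this username: start the counter at 5 remaining
			$dosql->ExecNoneQuery("INSERT INTO `#@__failedlogin` (username, ip, time, num, isadmin) VALUES ('$username', '$loginip', '$logintime', 5, 1)");
			ShowMsg('用户名或密码不正确！您还有5次尝试的机会！','login.php');
			exit();
		}
	}


	// Password is correct; check the security question when one is configured
	else if($row['question'] != 0 && ($row['question'] != $question || $row['answer'] != $answer))
	{
		ShowMsg('登录提问或回答不正确！','login.php');
		exit();
	}


	// Password is correct; refuse accounts that are disabled
	else if($row['checkadmin'] == 'false')
	{
		ShowMsg('抱歉，您的账号被禁止登录！','login.php');
		exit();
	}


	// Password is correct; refuse members of a disabled admin group
	else if($row2['checkinfo'] == 'false')
	{
		ShowMsg('抱歉，您的所在的管理组被禁用！','login.php');
		exit();
	}


	// Credentials accepted
	else
	{
		$logintime = time();
		$loginip = GetIP();

		// Issue a fresh session id before the session is marked as an
		// authenticated administrator, so an id known before login
		// (session fixation) does not carry over.
		// NOTE(review): $_SESSION['vcode'] is left in place after this point;
		// consider clearing it so a verification code is single-use.
		session_regenerate_id(true);


		// Clear any failed-login record for this user
		if(is_array($r))
		{
			$dosql->ExecNoneQuery("DELETE FROM `#@__failedlogin` WHERE `username`='$username'");
		}

		

		// Select the site bound to the admin group (id forced to an integer
		// because it is concatenated unquoted into the query)
		$r = $dosql->GetOne("SELECT `id`,`sitekey` FROM `#@__site` WHERE `id`=".intval($row2['groupsite']));
		if(isset($r['id']) &&
		   isset($r['sitekey']))
		{
			$_SESSION['siteid']  = $r['id'];
			$_SESSION['sitekey'] = $r['sitekey'];
		}
		else
		{
			$_SESSION['siteid']  = '';
			$_SESSION['sitekey'] = '';
		}

		// Account name of the logged-in administrator
		$_SESSION['admin']         = $row['username'];

		// Permission level (admin group id)
		$_SESSION['adminlevel']    = $row['levelname'];

		// Time of the previous login
		$_SESSION['lastlogintime'] = $row['logintime'];

		// IP of the previous login
		$_SESSION['lastloginip']   = $row['loginip'];
		// Additional per-user fields copied from the admin record
		$_SESSION['nickname']    = $row['nickname'];
		$_SESSION['is_wage']    = $row['is_wage'];
		$_SESSION['check_wage']    = $row['check_wage'];
		$_SESSION['uid']    = $row['uid'];

		// Time of this login
		$_SESSION['logintime']     = $logintime;

		// Persist this login's IP and time
		$dosql->ExecNoneQuery("UPDATE `#@__admin` SET loginip='$loginip',logintime='$logintime' WHERE `username`='$username'");

		// Write the operation log entry
		SetSysEvent('login');

		// Redirect according to the client device
		if(IsMobile())
		{
			$_SESSION['siteeq'] = 'mobile';
			header('location:default_mb.php?c=index');
			exit();
		}
		else
		{
			$_SESSION['siteeq'] = 'pc';
			header('location:default.php');
			exit();
		}
	}
}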

/**
 * Build the inline style attribute for the login page background.
 *
 * Reads the global settings $cfg_loginbgcolor, $cfg_loginbgimg,
 * $cfg_loginbgrepeat and $cfg_loginbgpos and returns a complete
 * style="..." attribute string.
 *
 * NOTE(review): the colour and image values are concatenated into the
 * attribute without HTML/CSS escaping; this is safe only while those
 * settings cannot be set by an untrusted party. Confirm where they come from.
 */
function GetLoginBg()
{
	global $cfg_loginbgcolor,$cfg_loginbgimg,
	       $cfg_loginbgrepeat,$cfg_loginbgpos;

	// Repeat mode: 1 = horizontal, 2 = vertical, anything else = none
	switch($cfg_loginbgrepeat)
	{
		case 0:
			$repeatCss = 'no-repeat';
			break;
		case 1:
			$repeatCss = 'repeat-x';
			break;
		case 2:
			$repeatCss = 'repeat-y';
			break;
		default:
			$repeatCss = 'no-repeat';
	}

	// Horizontal alignment: 0 = left, 2 = right, anything else = centred
	switch($cfg_loginbgpos)
	{
		case 0:
			$positionCss = 'left 0';
			break;
		case 1:
			$positionCss = 'center 0';
			break;
		case 2:
			$positionCss = 'right 0';
			break;
		default:
			$positionCss = 'center 0';
	}

	$declarations = 'background-color:'.$cfg_loginbgcolor.';'
	              . 'background-image:url('.$cfg_loginbgimg.');'
	              . 'background-repeat:'.$repeatCss.';'
	              . 'background-position:'.$positionCss.';';

	return 'style="'.$declarations.'"';
}



?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>中泓高科</title>
<script src="templates/js/jquery.min.js"></script>
<link href="templates/style/login.css" rel="stylesheet" type="text/css" />
<script src="templates/js/cloud.js" type="text/javascript"></script>
<script type="text/javascript" src="layer/layer.js"></script>
<script>
/**
 * Ask the server to send a verification code for the entered credentials.
 *
 * Requires a non-empty username and password, then POSTs both to
 * login_check.php with op=check. On an "ok" reply the code field and the
 * login button are revealed; any other message is shown to the user.
 * Returns false when a required field is empty.
 *
 * NOTE(review): the reply is written to the browser console; confirm that it
 * carries nothing sensitive, or drop the logging in production.
 */
function getVcode()
{
	var usernameField = $("#username");
	var passwordField = $("#password");

	if(usernameField.val() == "")
	{
		alert("请输入用户名！");
		usernameField.focus();
		return false;
	}
	if(passwordField.val() == "")
	{
		alert("请输入密码！");
		passwordField.focus();
		return false;
	}

	var payload = {
		op: 'check',
		username: usernameField.val(),
		password: passwordField.val()
	};

	// Handles the JSON reply; replies with a non-zero errno are ignored.
	function onReply(result) {
		console.log(result);
		if (result.errno != 0) {
			return;
		}
		console.log(result.msg);
		if (result.msg !== "ok") {
			layer.msg(result.msg);
			return;
		}
		// Code sent: switch the form from "request code" to "enter code and log in".
		$(".lianxi_box").hide();
		layer.msg('验证码发送成功,请输入验证码');
		$("#getVcode_btn").hide();
		$("#login_btn,#vcode").show();
	}

	$.ajax({
		type: 'POST',
		url: "login_check.php",
		data: payload,
		dataType: 'JSON',
		success: onReply
	});
}



/**
 * Validate the three login fields and submit the login form.
 *
 * Each empty field triggers an alert, receives focus, and makes the function
 * return false. When all are filled, the element matching ".login" is submitted.
 *
 * NOTE(review): no element with class "login" appears in the visible markup of
 * this page; confirm that the form exists, otherwise submit() does nothing.
 */
function login_do()
{
	console.log("4556");

	// [selector, message shown when the field is empty], checked in order
	var requiredFields = [
		["#username", "请输入用户名！"],
		["#password", "请输入密码！"],
		["#vcode", "请输入验证码！"]
	];

	for(var i = 0; i < requiredFields.length; i++)
	{
		var field = $(requiredFields[i][0]);
		if(field.val() == "")
		{
			alert(requiredFields[i][1]);
			field.focus();
			return false;
		}
	}

	$(".login").submit();
}

/**
 * Client-side check that username, password and verification code are filled.
 *
 * For the first empty field it shows an alert, focuses that field and returns
 * false; when every field has a value it returns nothing. This is a usability
 * check only: the server must still validate all three values.
 */
function CheckForm()
{
	// [selector, message shown when the field is empty], checked in order
	var requiredFields = [
		["#username", "请输入用户名！"],
		["#password", "请输入密码！"],
		["#vcode", "请输入验证码！"]
	];

	for(var i = 0; i < requiredFields.length; i++)
	{
		var field = $(requiredFields[i][0]);
		if(field.val() == "")
		{
			alert(requiredFields[i][1]);
			field.focus();
			return false;
		}
	}
}

// Page initialisation, run once the DOM is ready.
$(function(){
	// Horizontally centre the 692px-wide login box in the window.
	function centerLoginBox() {
		var leftOffset = ($(window).width() - 692) / 2;
		$('.loginbox').css({ 'position': 'absolute', 'left': leftOffset });
	}

	// Hide the element preceding an input while the user types, and show it
	// again when the input is left empty.
	var formInputs = $(".loginForm input");
	formInputs.keydown(function(){
		$(this).prev().hide();
	});
	formInputs.blur(function(){
		if($(this).val() == ""){
			$(this).prev().show();
		}
	});

	$("#username").focus();

	centerLoginBox();
	$(window).resize(function() {
		centerLoginBox();
	});
});
</script>
</head>
<style type="text/css">
.loginbox ul li { margin-bottom: 10px !important; }
.hide{ display: none; }
</style>

<body style="background-color:#1c77ac; background-image:url(../templates/images/light.png); background-repeat:no-repeat; background-position:center top; overflow:hidden;">
<div id="mainBody">
  <div id="cloud1" class="cloud"></div>
  <div id="cloud2" class="cloud"></div>
</div>  
<div class="logintop">    
    <span>中泓高科   服务热线：<?php echo $cfg_hotline;?></span>       
    </div>
    
    <div class="loginbody">
    
    <span class="systemlogo"></span> 
    <div class="loginbox">  
    <ul>
        <li><input name="username" type="text" class="username" value=""  id="username" /></li>
        <li><input name="password" type="password" class="password" value="" id="password"/></li>
        <li><input name="vcode" type="text" class="password hide"  placeholder="微信验证码" id="vcode"/></li>
        <li><input name="" id="getVcode_btn" type="button"  class="loginbtn" value="获取验证码"  onclick="getVcode()"  /></li>
        <li><input name=""  class="loginbtn hide" value="登录" onclick="login_do()"  id="login_btn" /></li>
        <input type="hidden" name="dopost" value="login" />
    </ul> 
      </div>     
    </div>  
    
    <div class="loginbm"></div>   
</body>
</html>
